IBM Support

Fix Encrypted Fields Error While Importing Microsoft Dynamics CRM Database

How To


Summary

When importing a Microsoft Dynamics CRM (Dynamics 365 on premises) organization database, the import may fail with an error indicating that encrypted fields exist but data encryption is not enabled. This typically occurs when the encryption keys are missing or mismatched between environments. This document explains how to resolve the issue by removing encryption metadata and resetting encrypted values so the database import can succeed.

Objective

To resolve the “There are encrypted fields in the organization database, but the data encryption feature isn't activated” error encountered during CRM database import by removing encryption references and clearing encrypted fields.

Environment

  • Microsoft Dynamics CRM / Dynamics 365 (On‑Premises)
  • SQL Server hosting:
    • MSCRM_CONFIG database
    • Organization database (e.g., ORG_MSCRM)
  • CRM Environment Diagnostic Wizard

Steps

1. Identify the Error

During the CRM database import, the following error is displayed:

Microsoft CRM Environment Diagnostic Wizard

There are encrypted fields in the organization database, but the data encryption feature isn't activated. Contact your Microsoft Dynamics 365 system administrator to activate data encryption.

To activate, go to System Settings > Data Management > Data Encryption.

 

2. Remove Encryption Metadata from the Configuration Database

  1. Open SQL Server Management Studio.
  2. Connect to the SQL instance hosting the CRM databases.
  3. Select the MSCRM_CONFIG database.
  4. Run the following SQL command, replacing <ORG ID> with the organization’s actual GUID.

-- set to your config database

-- use MSCRM_CONFIG

 

DELETE 

FROM OrganizationProperties 

WHERE Id = '<ORG ID>' 

  AND ColumnName IN ('SymmetricKeyPassword', 'SymmetricKeySource');

 

3. Remove the Symmetric Key from the Organization Database

  1. Switch to the organization database (for example, ORG_MSCRM).
  2. Execute the following command:

-- set to your organization database

-- use ORG_MSCRM

 

DROP SYMMETRIC KEY CrmSymmetricKey1;

 

4. Reset All Encrypted Values in the CRM Database

Run the following SQL statements against the organization database to clear all encrypted fields:

UPDATE EmailServerProfileBase 

SET IncomingPassword = NULL, OutgoingPassword = NULL;

 

UPDATE MailBoxBase 

SET Password = NULL;

 

UPDATE QueueBase 

SET EmailPassword = NULL;

 

UPDATE UserSettingsBase 

SET EmailPassword = NULL;

 

UPDATE LocalConfigStoreBase 

SET Value = NULL 

WHERE Value IS NOT NULL;

 

UPDATE ServiceEndpointBase 

SET SASKey = NULL 

WHERE SASKey IS NOT NULL;

 

UPDATE ServiceEndpointBase 

SET SASToken = NULL 

WHERE SASToken IS NOT NULL;

 

5. Reattempt the CRM Database Import

  • Re-run the CRM database import process.
  • The import should now complete successfully without the encrypted fields error.

 

Notes

  • These steps remove all stored encrypted values; credentials and secrets must be reconfigured after import.
  • This solution is appropriate when the original encryption keys are unavailable or cannot be activated.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB66","label":"Technology Lifecycle Services"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SSGOGO","label":"Microsoft Dynamics 365"},"ARM Category":[{"code":"a8mKe000000004HIAQ","label":"Dynamics 365"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":""}]

Document Information

Modified date:
30 April 2026

UID

ibm17271391

Page Feedback